Re: [Pqc] Guidance for runnning Stateful Hash-Based Signatures
Hubert Kario <hkario@redhat.com> Tue, 19 March 2024 15:51 UTC
Return-Path: <hkario@redhat.com>
X-Original-To: pqc@ietfa.amsl.com
Delivered-To: pqc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BDABCC14F6E4 for <pqc@ietfa.amsl.com>; Tue, 19 Mar 2024 08:51:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.104
X-Spam-Level:
X-Spam-Status: No, score=-7.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=redhat.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mpYPD2Tbhafn for <pqc@ietfa.amsl.com>; Tue, 19 Mar 2024 08:51:48 -0700 (PDT)
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 07601C14F5E8 for <pqc@ietf.org>; Tue, 19 Mar 2024 08:51:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1710863505; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=vBW8p1rKRYpFwcnD4KWFU3lrmi8TwGgRrSS/kCN0UU8=; b=W9s9ePu4N/++rOB2j+w3nimQBdH1azk8KOkgO6tbgGcmIZMOvdFRszsgXhnE4j5KKRyto/ E844RdzK/dGnUTrBjiV+3SB9+x1CdoyKvBNtjQBQ5N92dxxFKW1fGV3Y3bfzuaEmlIFt6H mwDnewS7XwOR53j07ODREcm/yx0BhoU=
Received: from mail-wr1-f71.google.com (mail-wr1-f71.google.com [209.85.221.71]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-349-DZgKBskMMl6kbJEeaar3fA-1; Tue, 19 Mar 2024 11:51:42 -0400
X-MC-Unique: DZgKBskMMl6kbJEeaar3fA-1
Received: by mail-wr1-f71.google.com with SMTP id ffacd0b85a97d-33ecc0f0c95so3192559f8f.3 for <pqc@ietf.org>; Tue, 19 Mar 2024 08:51:41 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1710863500; x=1711468300; h=content-transfer-encoding:user-agent:organization:references :in-reply-to:message-id:mime-version:date:subject:cc:to:from :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=uuOt7FruXaTw8qpyeFxZfIloKqWd6HwvqtjoujpZMro=; b=np3FCGt6vm6Fk5xu1QoWubIWuIyc4S2Pk1UC4Bzigy/soS1TewA/uIOTtYiyEuvZmF YnfeWjeFa7CJrSRJr/hWB7a08PMk3cK286bWv6oy3R8NFmnEcEG0dgxfFb4DYiRlHicJ ppRB7N5cmKPH0XR5s/ybu2YRFok7fuR00nddBhjWRiCJsBTvKPlTkHckGK0PSjOBXC1l hWWkw9r+N7owldN8FC1cZzh/hN/s57nlpkIpM3hbwd+g3STig0UGST62Lk+NQDxmYURe rl3GLmX5WRHtUim/PuBD5FzQnE0ttWw42mjSCW/7HrFodEXS2fE8Dz2B732NKzDEUF6m SoAw==
X-Gm-Message-State: AOJu0Yx7Cvb6A8O1dcG1e+Tar9Uf1BnJ/bYuJRnjuAQHP0SdifFfr61i k34VHhbp5AhbH9yZZQLX1XNb7bKqNYncRIvNlzMmuKfjNBAICE2hJOSd8mKc6j6Wcn26cMBpk7j iMVb16RaNxGYJmRhP8YJDhdVP4wo0lDPK9TdZc5Y0Y7fi5FxF
X-Received: by 2002:a5d:6803:0:b0:33d:fb3:9021 with SMTP id w3-20020a5d6803000000b0033d0fb39021mr10020936wru.54.1710863500052; Tue, 19 Mar 2024 08:51:40 -0700 (PDT)
X-Google-Smtp-Source: AGHT+IFFOXCVnOnk9dYnylWXsGyoDD3BT1A1zQCdYOEGfE2CXhRgzdoELb8uKPTu14OiuDxjKL34IQ==
X-Received: by 2002:a5d:6803:0:b0:33d:fb3:9021 with SMTP id w3-20020a5d6803000000b0033d0fb39021mr10020920wru.54.1710863499671; Tue, 19 Mar 2024 08:51:39 -0700 (PDT)
Received: from localhost (ip-94-112-165-231.bb.vodafone.cz. [94.112.165.231]) by smtp.gmail.com with ESMTPSA id f5-20020adffcc5000000b0033e7b05edf3sm12635132wrs.44.2024.03.19.08.51.38 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 19 Mar 2024 08:51:38 -0700 (PDT)
From: Hubert Kario <hkario@redhat.com>
To: Thom Wiggers <thom@thomwiggers.nl>
Cc: pqc <pqc@ietf.org>
Date: Tue, 19 Mar 2024 16:51:37 +0100
MIME-Version: 1.0
Message-ID: <bedda62a-8477-4197-a92f-67a3526a371f@redhat.com>
In-Reply-To: <E2ACC158-8EDE-4C14-8B62-27B13B999697@thomwiggers.nl>
References: <E2ACC158-8EDE-4C14-8B62-27B13B999697@thomwiggers.nl>
Organization: Red Hat
User-Agent: Trojita/0.7-git; Qt/5.15.11; xcb; Linux; Fedora release 38 (Thirty Eight)
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/pqc/bMvFT0Y6Y0HqNn0Hegan4dFK6W0>
Subject: Re: [Pqc] Guidance for runnning Stateful Hash-Based Signatures
X-BeenThere: pqc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Post Quantum Cryptography discussion list <pqc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pqc>, <mailto:pqc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pqc/>
List-Post: <mailto:pqc@ietf.org>
List-Help: <mailto:pqc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pqc>, <mailto:pqc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Mar 2024 15:51:48 -0000
The issue with export is that you have a state that can be duplicated. So any kind of transfer needs to be an online protocol that ensures that the key cannot be duplicated as part of the transfer, even at the cost of losing the key if the transfer process is interrupted. On Tuesday, 19 March 2024 09:08:07 CET, Thom Wiggers wrote: > Hi all, > > As I just presented at the IETF 119 PQUIP meeting, we got > together with a bunch of people to write down as much as we > could think of on how you can build reliably and safely on top > of stateful hash-based signature schemes (if you can’t just > avoid them, which you likely SHOULD). > > We set out to document stuff ranging from operational > considerations like staff training, discuss things mentioned in > SP800-208 such as how you can have split trees in multiple > signers, discuss what one should consider in certain alternative > approaches to state management for specific scenarios, and also > include some approaches to backup management that go a little > bit beyond what SP800-208 allows (as it currently bans all forms > of key export). > > The initial version of our draft can be found > at https://datatracker.ietf.org/doc/draft-wiggers-hbs-state/ > and it lives on Github at > https://github.com/hbs-guidance/draft-hbs-state. > > We are looking forward to having productive discussions with > everyone to make this document as complete as possible. We > already have a good discussion point for some new content in the > issue tracker: should we include a paragraph on “when are S-HBS > schemes appropriate in the first place?”. > > On behalf of my co-authors, > > Cheers, > > Thom -- Regards, Hubert Kario Principal Quality Engineer, RHEL Crypto team Web: www.cz.redhat.com Red Hat Czech s.r.o., Purkyňova 115, 612 00, Brno, Czech Republic
- [Pqc] Guidance for runnning Stateful Hash-Based S… Thom Wiggers
- Re: [Pqc] Guidance for runnning Stateful Hash-Bas… antonio.vaira@siemens.com
- Re: [Pqc] Guidance for runnning Stateful Hash-Bas… Hubert Kario